Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Loader.exe

windows7-x64

10

Loader.exe

windows10-2004-x64

10

Resubmissions

20/02/2023, 15:21

230220-sraw9aah2w 10

16/02/2023, 15:11

230216-skqn5ahg4v 10

15/02/2023, 15:45

230215-s63ktacd2y 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.exe

  • Size

    445KB

  • Sample

    230220-sraw9aah2w

  • MD5

    9e30553b003e6c9099ce52ea18d0a6f9

  • SHA1

    b4de671b594ad90439a43cf4de49606ee6798298

  • SHA256

    eddd58f52fc1ead5886f788892412d23a0fa5fc4c76af2548ea7321c2f6c4d9c

  • SHA512

    5788097d8a613e78644e8a94123b06d93c708216fe92c2865017933bd3b4ec507107c68ec31c7d58c595032b570f8c4e8f56db9d51927a3764fb699d89ff70c3

  • SSDEEP

    6144:EAYL50f+dgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/vFip6y/OMB:EAM9e82fZPMfq3tzWdvoZL9/fMB

Score
10/10
vidar408spywarestealer

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes
  • profile_id

    408

Targets

    • Target

      Loader.exe

    • Size

      445KB

    • MD5

      9e30553b003e6c9099ce52ea18d0a6f9

    • SHA1

      b4de671b594ad90439a43cf4de49606ee6798298

    • SHA256

      eddd58f52fc1ead5886f788892412d23a0fa5fc4c76af2548ea7321c2f6c4d9c

    • SHA512

      5788097d8a613e78644e8a94123b06d93c708216fe92c2865017933bd3b4ec507107c68ec31c7d58c595032b570f8c4e8f56db9d51927a3764fb699d89ff70c3

    • SSDEEP

      6144:EAYL50f+dgN8BMStlQfAk/X0DfU/8utzIPrdWspxFoZDf820w7/vFip6y/OMB:EAM9e82fZPMfq3tzWdvoZL9/fMB

    Score
    10/10
    vidar408spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks